Download certificates shared among control-plane nodes from the kubeadm-certs Secret
Synopsis
Download certificates shared among control-plane nodes from the kubeadm-certs Secret
kubeadm join phase control-plane-prepare download-certs [api-server-endpoint] [flags]
Options
--certificate-key string | |
Use this key to decrypt the certificate secrets uploaded by init. The certificate key is a hex encoded string that is an AES key of size 32 bytes. |
|
--config string | |
Path to a kubeadm configuration file. |
|
--control-plane | |
Create a new control plane instance on this node |
|
--discovery-file string | |
For file-based discovery, a file or URL from which to load cluster information. |
|
--discovery-token string | |
For token-based discovery, the token used to validate cluster information fetched from the API server. |
|
--discovery-token-ca-cert-hash strings | |
For token-based discovery, validate that the root CA public key matches this hash (format: "<type>:<value>"). |
|
--discovery-token-unsafe-skip-ca-verification | |
For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning. |
|
--dry-run | |
Don't apply any changes; just output what would be done. |
|
-h, --help | |
help for download-certs |
|
--tls-bootstrap-token string | |
Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node. |
|
--token string | |
Use this token for both discovery-token and tls-bootstrap-token when those values are not provided. |
Options inherited from parent commands
--rootfs string | |
The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path. |